openssl genrsa -out ca.key 4096
openssl req -new -x509 -key ca.key -subj "/CN=RIC CA" -days 3650 -out ca.crt

openssl genrsa -out server.key 4096
openssl req -new -key server.key -subj "/CN=h0.feitian.com" -out server.csr
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 3650

openssl pkcs8 -nocrypt  -in server.key -topk8 -out server.der

openssl genrsa -out wildserver.key 4096
openssl req -new -key wildserver.key -subj "/CN=*.feitian.com" -out wildserver.csr
openssl x509 -req -in wildserver.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out wildserver.crt -days 3650


##echo "subjectAltName=IP:${service_ip},DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.${DNS_DOMAIN},${AltName}" > extfile.cnf
echo "
subjectAltName=IP:192.168.0.1,DNS:h0.feitian.com,DNS:h0.feiye.com,DNS:h0.hpeswlab.net
" > extfile.cnf
openssl genrsa -out sanserver.key 4096
openssl req -new -key sanserver.key -subj "/CN=h0.feitian.com" -out sanserver.csr
openssl x509 -req -in sanserver.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out sanserver.crt -days 3650 -extfile extfile.cnf 

